Solved Win64/patched.a.gen trojan and sirefef

and part 2

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4BDD17A2-5F17-283C-33DF-2C05003F72F3}]
2009-07-14 01:1673728----a-w-c:\windows\SysWOW64\shpaffact.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5C7704B2-119B-5A3B-6CFF-30F40C59173C}]
2009-07-14 01:1573728----a-w-c:\windows\SysWOW64\BWContexxtHandler.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-05-09 08:49176936----a-w-c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-09 738168]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Airytec Switch Off"="c:\program files\Airytec\Switch Off\swoff.exe" [2010-10-31 179712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-01 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 HP-MPI SMPID;HP-MPI Remote Launch;c:\program files (x86)\Hewlett-Packard\HP-MPI\sbin\HPMPIWin32Service.exe [2009-06-04 367616]
R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [x]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2010-10-31 179712]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2010-10-31 179712]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-09 1431888]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
R4 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2010-09-20 4390912]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [x]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-01-14 330488]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [x]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [x]
S3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcsREG_MULTI_SZ w3svc was
apphostREG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:07]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000Core.job
- c:\users\Ioana\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 12:58]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000UA.job
- c:\users\Ioana\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 12:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = cache.utcluj.ro:3128
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-21 06:02:51
ComboFix-quarantined-files.txt 2012-06-21 03:02
ComboFix2.txt 2012-06-21 02:30
ComboFix3.txt 2012-02-15 02:14
.
Pre-Run: 48.757.981.184 bytes free
Post-Run: 48.704.167.936 bytes free
.
- - End Of File - - 7B90EA2E3E58D493D8A281B4711AB31E
 
Looks good.

How is computer doing?

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
I'm glad...I was quite scared of all those "impossible to clean". the computer is oki.... :) I'll tell you more when it restarts again
 
mbam log


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Ioana :: IOANA-PC [administrator]

Protection: Disabled

21.06.2012 06:18:52
mbam-log-2012-06-21 (06-18-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233293
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
 
aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-21 06:25:42
-----------------------------
06:25:42.499 OS Version: Windows x64 6.1.7600
06:25:42.500 Number of processors: 8 586 0x1E05
06:25:42.500 ComputerName: IOANA-PC UserName: Ioana
06:25:43.202 Initialize success
06:26:17.250 AVAST engine defs: 12062001
06:26:24.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:26:24.573 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
06:26:24.583 Disk 0 MBR read successfully
06:26:24.589 Disk 0 MBR scan
06:26:24.599 Disk 0 Windows 7 default MBR code
06:26:24.607 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 102400 MB offset 2048
06:26:24.628 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152400 MB offset 209717248
06:26:24.652 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 521832448
06:26:24.665 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 222038 MB offset 522037248
06:26:24.712 Disk 0 scanning C:\Windows\system32\drivers
06:26:36.643 Service scanning
06:27:40.629 Modules scanning
06:27:40.651 Disk 0 trace - called modules:
06:27:41.006 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
06:27:41.018 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dff060]
06:27:41.028 3 CLASSPNP.SYS[fffff88001ad143f] -> nt!IofCallDriver -> [0xfffffa8004c7da90]
06:27:41.036 5 stdcfltn.sys[fffff8800164bc52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ad4050]
06:27:41.955 AVAST engine scan C:\Windows
06:27:47.748 AVAST engine scan C:\Windows\system32
06:30:09.919 AVAST engine scan C:\Windows\system32\drivers
06:30:22.151 AVAST engine scan C:\Users\Ioana
06:34:48.511 AVAST engine scan C:\ProgramData
06:36:17.012 Scan finished successfully
06:37:21.790 Disk 0 MBR has been saved successfully to "C:\Users\Ioana\Desktop\MBR.dat"
06:37:21.799 The log file has been saved successfully to "C:\Users\Ioana\Desktop\aswMBR.txt"
 
Looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
otl.txt 1

OTL logfile created on: 21.06.2012 06:57:49 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Ioana\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,37% Memory free
7,87 Gb Paging File | 5,55 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 45,30 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
Drive D: | 148,83 Gb Total Space | 125,62 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive E: | 216,83 Gb Total Space | 98,99 Gb Free Space | 45,65% Space Free | Partition Type: NTFS

Computer Name: IOANA-PC | User Name: Ioana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.21 06:54:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ioana\Desktop\OTL.exe
PRC - [2012.02.13 11:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010.08.02 12:55:38 | 000,726,640 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.02.17 02:30:48 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010.01.14 07:30:16 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
PRC - [2009.09.30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [1998.08.13 09:28:02 | 000,025,600 | ---- | M] (Hummingbird Communications Ltd.) -- C:\Windows\SysWOW64\Hummbird\inetd32.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.07 11:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012.06.07 11:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012.06.07 11:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012.06.07 11:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012.06.07 11:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012.06.07 11:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012.06.07 11:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012.06.07 10:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2010.08.02 12:55:38 | 000,726,640 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.02.17 02:30:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011.06.09 12:57:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.10.31 21:37:52 | 000,179,712 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV:64bit: - [2010.10.31 21:37:52 | 000,179,712 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV:64bit: - [2010.10.05 08:07:08 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2010.09.20 23:20:59 | 004,390,912 | ---- | M] (ANSYS, Inc.) [Auto | Running] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV:64bit: - [2010.06.01 22:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.01.21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 04:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 04:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009.07.14 04:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009.07.14 04:39:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009.07.14 04:39:21 | 000,065,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt)
SRV:64bit: - [2009.07.14 04:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2012.04.03 11:07:17 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.09 13:48:42 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.09 13:41:33 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.01.21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2010.01.14 07:30:16 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe -- (QDLService2kDell) Qualcomm Gobi 2000 Download Service (Dell)
SRV - [2009.11.26 11:53:44 | 000,447,488 | R--- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009.09.30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.07.14 04:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 04:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.07.14 04:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.07.14 04:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.07.14 04:14:39 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 15:47:48 | 000,367,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP-MPI\sbin\hpmpiwin32service.exe -- (HP-MPI SMPID)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.10 19:01:49 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [1998.08.13 09:28:02 | 000,025,600 | ---- | M] (Hummingbird Communications Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\Hummbird\inetd32.exe -- (HCLInetd)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012.04.05 10:21:15 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011.08.04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011.08.04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011.08.04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011.08.04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2010.07.09 10:42:16 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.07.09 10:42:08 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.06.01 22:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.01 21:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.10.12 19:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009.07.14 02:35:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psxdrv.sys -- (PsxDrv)
DRV:64bit: - [2009.07.14 02:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 02:24:45 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr)
DRV:64bit: - [2009.07.14 02:24:23 | 000,262,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr)
DRV:64bit: - [2009.07.08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009.07.02 22:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.02 22:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.02 22:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.02 22:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.07.01 18:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{11A24597-D231-4A5F-925E-AB4D09094BF4}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=D6FC9E7C-7EEE-4578-BE99-3DC2C315E7E4
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = cache.utcluj.ro:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: "cache.utcluj.ro"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "cache.utcluj.ro"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "cache.utcluj.ro"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "cache.utcluj.ro"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "cache.utcluj.ro"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, .utcluj.ro, 192.168.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "cache.utcluj.ro"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "cache.utcluj.ro"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ioana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ioana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012.02.15 01:59:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.02.15 01:59:15 | 000,000,000 | ---D | M]

[2011.12.11 11:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ioana\AppData\Roaming\Mozilla\Extensions
[2012.01.06 01:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\extensions
[2011.09.13 10:10:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.09.13 10:11:34 | 000,002,396 | ---- | M] () -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\searchplugins\askcom.xml
[2011.04.07 00:53:20 | 000,002,059 | ---- | M] () -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\searchplugins\daemon-search.xml
[2011.12.10 18:45:47 | 000,002,519 | ---- | M] () -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.115_0\npqscan.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ioana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Fast save = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\Default\Extensions\camneihmgahaliekdppnjolhagegoegh\1.1_0\
CHR - Extension: Love Smoke = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb\1_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.115_0\

O1 HOSTS File: ([2012.06.21 06:00:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {4BDD17A2-5F17-283C-33DF-2C05003F72F3} - C:\Windows\SysWOW64\shpaffact.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {5C7704B2-119B-5A3B-6CFF-30F40C59173C} - C:\Windows\SysWOW64\BWContexxtHandler.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000..\Run: [Airytec Switch Off] C:\Program Files\Airytec\Switch Off\swoff.exe (Airytec)
O4 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46035EEC-3169-4C24-B31E-64922F33E94D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89CFF7F2-7277-460B-A168-D29BFC9A1F8B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.07 13:07:44 | 000,000,000 | R--D | M] - D:\Autodesk AutoCAD 2010 [64-bit] -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.21 13:40:52 | 000,000,000 | ---D | C] -- C:\FRST
[2012.06.21 06:54:52 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Ioana\Desktop\OTL.exe
[2012.06.21 06:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.21 06:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.21 06:13:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.21 04:33:26 | 004,563,905 | R--- | C] (Swearware) -- C:\Users\Ioana\Desktop\ComboFix.exe
[2012.06.21 03:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\Specialbit
[2012.06.21 00:33:01 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel 4 - Charles Dexter Ward Collector's Edition
[2012.06.21 00:23:00 | 000,000,000 | ---D | C] -- C:\Windows\Haunted Hotel 4 - Charles Dexter Ward Collector's Edition
[2012.06.21 00:12:36 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.06.21 00:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.06.21 00:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.06.19 00:26:13 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\Mad Head Games
[2012.06.18 09:59:33 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\AlawarEntertainment
[2012.06.12 23:56:48 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\World-LooM
[2012.06.08 10:12:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.06.08 10:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012.06.08 10:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2012.06.08 10:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2012.06.05 11:37:18 | 000,000,000 | ---D | C] -- C:\Users\Ioana\Desktop\Luca
[2012.06.01 11:26:15 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\Artogon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.21 06:54:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ioana\Desktop\OTL.exe
[2012.06.21 06:37:21 | 000,000,512 | ---- | M] () -- C:\Users\Ioana\Desktop\MBR.dat
[2012.06.21 06:18:04 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.21 06:13:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000UA.job
[2012.06.21 06:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.21 06:00:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.21 05:42:53 | 000,165,376 | ---- | M] () -- C:\Users\Ioana\Desktop\SystemLook_x64.exe
[2012.06.21 05:38:43 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 05:38:43 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 05:12:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 05:11:57 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 04:33:51 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Ioana\Desktop\ComboFix.exe
[2012.06.21 01:00:46 | 002,436,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.21 00:33:01 | 000,000,948 | ---- | M] () -- C:\Users\Ioana\Desktop\Haunted Hotel 4 - Charles Dexter Ward Collector's Edition.lnk
[2012.06.20 12:22:14 | 000,251,897 | ---- | M] () -- C:\Users\Ioana\Desktop\16062012428.jpg
[2012.06.20 12:18:56 | 000,250,736 | ---- | M] () -- C:\Users\Ioana\Desktop\16062012427.jpg
[2012.06.20 12:17:39 | 000,261,054 | ---- | M] () -- C:\Users\Ioana\Desktop\16062012425.jpg
[2012.06.19 12:14:39 | 000,839,752 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.19 12:14:39 | 000,705,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.19 12:14:39 | 000,135,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 11:10:21 | 001,262,536 | ---- | M] () -- C:\Users\Ioana\Desktop\Tolerante si Control Dimensional - Curs - Pater.pdf
[2012.06.08 10:58:46 | 000,000,173 | ---- | M] () -- C:\Users\Ioana\Documents\acad.err
[2012.06.08 10:05:54 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2012.06.07 16:53:14 | 000,000,000 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Temptable.xml
[2012.06.07 12:13:54 | 000,011,116 | ---- | M] () -- C:\Users\Ioana\Desktop\Tranzactii_pe_perioada.pdf
[2012.06.03 03:13:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000Core.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
 
otl.txt 2

========== Files Created - No Company Name ==========

[2012.06.21 06:37:21 | 000,000,512 | ---- | C] () -- C:\Users\Ioana\Desktop\MBR.dat
[2012.06.21 06:18:04 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.21 05:42:52 | 000,165,376 | ---- | C] () -- C:\Users\Ioana\Desktop\SystemLook_x64.exe
[2012.06.21 00:33:01 | 000,000,948 | ---- | C] () -- C:\Users\Ioana\Desktop\Haunted Hotel 4 - Charles Dexter Ward Collector's Edition.lnk
[2012.06.20 12:18:47 | 000,250,736 | ---- | C] () -- C:\Users\Ioana\Desktop\16062012427.jpg
[2012.06.20 12:17:24 | 000,261,054 | ---- | C] () -- C:\Users\Ioana\Desktop\16062012425.jpg
[2012.06.20 12:15:49 | 000,251,897 | ---- | C] () -- C:\Users\Ioana\Desktop\16062012428.jpg
[2012.06.12 11:10:21 | 001,262,536 | ---- | C] () -- C:\Users\Ioana\Desktop\Tolerante si Control Dimensional - Curs - Pater.pdf
[2012.06.08 10:58:46 | 000,000,173 | ---- | C] () -- C:\Users\Ioana\Documents\acad.err
[2012.06.08 10:05:54 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2012.06.07 12:13:54 | 000,011,116 | ---- | C] () -- C:\Users\Ioana\Desktop\Tranzactii_pe_perioada.pdf
[2012.02.15 04:58:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.15 04:58:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.15 04:58:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.15 04:58:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.15 04:58:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.08 15:18:13 | 000,007,599 | ---- | C] () -- C:\Users\Ioana\AppData\Local\Resmon.ResmonCfg
[2012.02.08 00:09:40 | 000,017,408 | ---- | C] () -- C:\Users\Ioana\AppData\Local\WebpageIcons.db
[2011.10.17 13:50:12 | 000,852,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.14 02:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Ioana\AppData\Local\Temptable.xml
[2011.06.13 00:02:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.06.09 13:11:54 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011.06.07 09:06:59 | 000,001,698 | ---- | C] () -- C:\Windows\wincmd.ini
[2011.04.07 00:24:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\d33dx9_31.dll
[2011.04.06 17:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.06 17:20:21 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012.05.06 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ESET
[2011.04.13 00:04:53 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Airytec
[2012.06.18 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\AlawarEntertainment
[2012.01.09 22:14:19 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Amaranth Games
[2012.03.22 14:37:47 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Ansys
[2012.03.31 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Arkadium
[2012.06.05 23:33:04 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Artifex Mundi
[2012.06.01 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Artogon
[2011.06.09 13:59:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Autodesk
[2012.01.02 01:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Big Fish Games
[2011.11.15 23:14:32 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\BlamGames
[2012.05.28 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Blue Tea Games
[2011.07.15 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Boolat Games
[2012.05.25 00:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Boomzap
[2011.05.25 00:47:17 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\BSplayer
[2011.04.23 01:23:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\BSplayer Pro
[2011.09.14 10:05:37 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Canneverbe Limited
[2011.07.12 00:51:25 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Canon
[2012.04.22 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DAEMON Tools Lite
[2011.10.17 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DAEMON Tools Pro
[2012.05.11 01:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DailyMagic
[2012.04.20 08:31:01 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Dark Blue Games
[2011.06.09 14:49:16 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DassaultSystemes
[2011.11.25 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DieselPuppet
[2012.01.24 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\EleFun Games
[2012.04.22 23:18:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Elephant Games
[2012.04.18 23:53:06 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\EntwinedSoD
[2012.06.19 14:09:06 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\ERS Game Studios
[2012.02.15 02:00:12 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\ESET
[2011.06.07 09:28:32 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Fluent.Inc
[2012.02.07 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\FlyWheelGames
[2012.05.03 13:11:02 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Free Online Radio Player Recorder
[2012.03.21 22:11:35 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Friday's games
[2012.02.20 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Frogwares
[2011.10.12 22:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Funswitch
[2012.06.15 11:20:10 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Fuzzy Bug Interactive
[2012.03.23 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\GameInvest
[2012.02.18 20:18:17 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Gamers Digital
[2011.04.06 23:14:14 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\GetRightToGo
[2011.07.22 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Gogii
[2011.07.16 14:30:42 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\IntrigueIncRavensFlightStrategyGuide
[2012.04.06 08:44:55 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Launcher
[2012.06.19 00:26:13 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Mad Head Games
[2011.12.03 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Merscom
[2012.02.29 13:29:06 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\MumboJumbo
[2012.04.19 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Music Editor Free
[2011.10.06 22:54:00 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Mystery of Mortlake Mansion
[2011.10.24 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Namco
[2012.05.15 22:56:16 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Orneon
[2011.04.07 10:22:31 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\PCDr
[2012.01.08 00:12:02 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\PlayFirst
[2012.06.18 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\QuickScan
[2012.03.01 14:35:12 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\ShamanGS
[2011.07.15 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Skunk Studios
[2012.02.12 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Smart PDF Creator
[2012.06.21 03:59:17 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Specialbit
[2012.05.20 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\SpinTop Games
[2011.11.29 16:29:29 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\SultanofPersia
[2011.07.10 13:11:46 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\SulusGames
[2012.05.18 11:16:59 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\tabagames
[2012.01.09 17:30:30 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Top Evidence
[2011.10.05 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Urban Legends The Maze Strategy Guide
[2012.06.21 05:35:45 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\uTorrent
[2012.04.01 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Vast Studios
[2011.07.15 21:05:56 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\VendelGAMES
[2012.06.14 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Vogat Interactive
[2011.04.06 17:23:54 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\WirelessManager
[2011.04.06 17:24:04 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\WMCore
[2012.06.12 23:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\World-LooM
[2012.06.21 02:28:56 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012.06.21 06:02:51 | 000,019,879 | ---- | M] () -- C:\ComboFix.txt
[2011.04.12 09:40:04 | 000,009,154 | ---- | M] () -- C:\debug1214.txt
[2011.06.24 12:19:19 | 000,000,032 | ---- | M] () -- C:\gambit.fnl
[2012.06.21 05:11:57 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 05:12:00 | 4224,225,280 | -HS- | M] () -- C:\pagefile.sys
[2012.06.20 23:47:57 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_20.06.2012_23.47.54_log.txt
[2012.06.20 23:51:18 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_20.06.2012_23.51.10_log.txt
[2012.06.20 23:55:08 | 000,271,838 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_20.06.2012_23.52.00_log.txt
[2011.07.19 03:53:29 | 000,003,180 | ---- | M] () -- C:\z_prof_log.txt

< %systemroot%\Fonts\*.com >
[2009.07.14 08:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 08:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 08:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 08:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.06.10 23:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009.07.14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011.04.06 16:05:51 | 000,000,221 | -HS- | M] () -- C:\Users\Ioana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012.06.21 04:33:51 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Ioana\Desktop\ComboFix.exe
[2012.06.21 06:54:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ioana\Desktop\OTL.exe
[2012.06.21 05:42:53 | 000,165,376 | ---- | M] () -- C:\Users\Ioana\Desktop\SystemLook_x64.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012.06.21 06:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 03:13:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000Core.job
[2012.06.21 06:13:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000UA.job
[2012.06.21 05:12:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.06.21 02:28:56 | 000,032,592 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2011.04.12 10:27:28 | 048,536,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Ioana\AdbeRdr1001_en_US.exe

< %systemroot%\ADDINS\*.* >
[2009.06.11 00:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011.04.11 12:53:26 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011.04.11 12:53:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011.04.11 12:53:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011.04.11 12:53:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011.04.11 12:53:26 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011.04.11 12:53:26 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011.04.06 22:51:32 | 000,000,402 | -HS- | M] () -- C:\Users\Ioana\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:EE198B1F
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:4A8EB1C4
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:87A3A233
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:18DEBC51
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:14B2E0BD
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:2D133896
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:B4258C5D
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:85AA7074
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F5D01D7C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A6F30843
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:012BC84F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:474022C7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:26499772
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D026A5A4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:3E200C29
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:02CC0035
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 
extras.txt

OTL Extras logfile created on: 21.06.2012 06:57:49 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Ioana\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,37% Memory free
7,87 Gb Paging File | 5,55 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 45,30 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
Drive D: | 148,83 Gb Total Space | 125,62 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive E: | 216,83 Gb Total Space | 98,99 Gb Free Space | 45,65% Space Free | Partition Type: NTFS

Computer Name: IOANA-PC | User Name: Ioana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2313506185-3105949007-605300772-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CC1C101-88E7-4725-938F-54A98E571597}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{606BDE76-4102-4FED-8DC9-30A27CEB7F68}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{86BA783C-6820-4FB7-8C86-FAB9F3EF0FF5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F845F8EF-A4D7-4FF0-A616-DF033F6FB4DE}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1C89932F-1D9D-4776-AD7A-9156FF792539}" = Modem Diagnostics Tool
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP0
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5ECFC170-8934-4D31-8374-0837288D6AE3}" = SolidWorks eDrawings 2011 x64 Edition SP0
"{5F590D74-AA75-410F-A778-3CDFCE12DCD4}" = SolidWorks Explorer 2011 SP0 x64 Edition
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B9C64DC8-721C-469B-A6C0-07A60BAFC02B}" = ESET Smart Security
"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Airytec Switch Off" = Airytec Switch Off
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch
"{5030C973-F5BA-4432-860C-A3DA77BFEB05}" = Qualcomm Gobi 2000 Package for Dell
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy
"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static
"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean
"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard
"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All
"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English
"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BSPlayerf" = BS.Player FREE
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Exceed" = Exceed for Windows NT
"FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
"Haunted Hotel 4 - Charles Dexter Ward Collector's EditionFinal" = Haunted Hotel 4 - Charles Dexter Ward Collector's Edition
"HP-MPI_is1" = HP-MPI 2.0
"iLivid" = iLivid
"Mahjongg Dimensions Deluxe 2 - Tiles in Time1.0" = Mahjongg Dimensions Deluxe 2 - Tiles in Time
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mendeley Desktop" = Mendeley Desktop 1.3.1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Music Editor Free" = Music Editor Free
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SolidWorks Installation Manager 20110-40000-1100-100" = SolidWorks 2011 x64 Edition SP0
"SopCast" = SopCast 3.4.0
"Syberia 1 1.00" = Syberia 1 1.00
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"Winamp" = Winamp
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2313506185-3105949007-605300772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.04.2012 08:23:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
Description =

Error - 09.04.2012 08:31:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
Description =

Error - 09.04.2012 08:39:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
Description =

Error - 09.04.2012 08:47:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
Description =

Error - 09.04.2012 08:55:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
Description =

Error - 09.04.2012 09:03:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
Description =

Error - 10.04.2012 03:59:03 | Computer Name = Ioana-PC | Source = Application Hang | ID = 1002
Description = The program acad.exe version 24.0.55.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 17dc Start Time:
01cd16efb459a8d8 Termination Time: 37 Application Path: C:\Program Files\AutoCAD
2010\acad.exe Report Id: 06813143-82e3-11e1-8a35-f04da24aed35

Error - 10.04.2012 05:52:21 | Computer Name = Ioana-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 13.04.2012 16:09:01 | Computer Name = Ioana-PC | Source = LMS | ID = 2
Description = The service process could not connect to the service controller.

Error - 14.04.2012 16:56:31 | Computer Name = Ioana-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

[ Broadcom Wireless LAN Events ]
Error - 30.04.2012 14:53:48 | Computer Name = Ioana-PC | Source = WLAN-Tray | ID = 0
Description = 21:53:48, Mon, Apr 30, 12 Error - Unable to gain access to user store


Error - 03.06.2012 14:48:10 | Computer Name = Ioana-PC | Source = WLAN-Tray | ID = 0
Description = 21:48:09, Sun, Jun 03, 12 Error - Unable to gain access to user store


[ OSession Events ]
Error - 30.11.2011 20:22:09 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11083
seconds with 4320 seconds of active time. This session ended with a crash.

Error - 01.12.2011 09:42:56 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10560
seconds with 4800 seconds of active time. This session ended with a crash.

Error - 02.12.2011 05:55:57 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8894
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 16.12.2011 06:39:49 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3416
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 16.12.2011 06:45:26 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 250
seconds with 240 seconds of active time. This session ended with a crash.

Error - 16.12.2011 06:55:24 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 524
seconds with 360 seconds of active time. This session ended with a crash.

Error - 18.12.2011 06:25:00 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2205
seconds with 780 seconds of active time. This session ended with a crash.

Error - 17.01.2012 19:07:34 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2493
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 18.01.2012 04:25:41 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 263
seconds with 240 seconds of active time. This session ended with a crash.

Error - 18.01.2012 04:31:00 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 276
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20.06.2012 22:12:08 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 20.06.2012 22:12:15 | Computer Name = Ioana-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 20.06.2012 22:12:15 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7001
Description = The Internet Connection Sharing (ICS) service depends on the Remote
Access Connection Manager service which failed to start because of the following
error: %%1058

Error - 20.06.2012 22:12:16 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 20.06.2012 22:12:37 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7034
Description = The HP-MPI Remote Launch service terminated unexpectedly. It has
done this 1 time(s).

Error - 20.06.2012 22:14:27 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 20.06.2012 22:57:58 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 20.06.2012 23:00:08 | Computer Name = Ioana-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 20.06.2012 23:00:08 | Computer Name = Ioana-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 20.06.2012 23:00:40 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
since 6:18 eset hasn't reported anything anymore. I hope it will remain this way .

looking forward to hear from you . thank you
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    @Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:943971F5
    @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:EE198B1F
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:4A8EB1C4
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:1A15E356
    @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:87A3A233
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:18DEBC51
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:14B2E0BD
    @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:2D133896
    @Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:58E38390
    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:B4258C5D
    @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:85AA7074
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F5D01D7C
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A6F30843
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:012BC84F
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:474022C7
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:26499772
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D026A5A4
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:3E200C29
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:02CC0035
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they're.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
Thanks for reply, unfortunatlly I had to go to work and I can't download anything from here. tonight when I'll arrive home I'll get right to work
 
I've done the scanning with OTL; here is the log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
ADS C:\ProgramData\TEMP:943971F5 deleted successfully.
ADS C:\ProgramData\TEMP:EE198B1F deleted successfully.
ADS C:\ProgramData\TEMP:4A8EB1C4 deleted successfully.
ADS C:\ProgramData\TEMP:1A15E356 deleted successfully.
ADS C:\ProgramData\TEMP:87A3A233 deleted successfully.
ADS C:\ProgramData\TEMP:18DEBC51 deleted successfully.
ADS C:\ProgramData\TEMP:14B2E0BD deleted successfully.
ADS C:\ProgramData\TEMP:2D133896 deleted successfully.
ADS C:\ProgramData\TEMP:58E38390 deleted successfully.
ADS C:\ProgramData\TEMP:6EE8565A deleted successfully.
ADS C:\ProgramData\TEMP:B4258C5D deleted successfully.
ADS C:\ProgramData\TEMP:1604D047 deleted successfully.
ADS C:\ProgramData\TEMP:C2F24DB5 deleted successfully.
ADS C:\ProgramData\TEMP:AA0017FD deleted successfully.
ADS C:\ProgramData\TEMP:85AA7074 deleted successfully.
ADS C:\ProgramData\TEMP:5520ED93 deleted successfully.
ADS C:\ProgramData\TEMP:F5D01D7C deleted successfully.
ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.
ADS C:\ProgramData\TEMP:ED2D63E4 deleted successfully.
ADS C:\ProgramData\TEMP:A6F30843 deleted successfully.
ADS C:\ProgramData\TEMP:5311B0B8 deleted successfully.
ADS C:\ProgramData\TEMP:B0456F0C deleted successfully.
ADS C:\ProgramData\TEMP:012BC84F deleted successfully.
ADS C:\ProgramData\TEMP:6A0A47E7 deleted successfully.
ADS C:\ProgramData\TEMP:474022C7 deleted successfully.
ADS C:\ProgramData\TEMP:26499772 deleted successfully.
ADS C:\ProgramData\TEMP:2652902F deleted successfully.
ADS C:\ProgramData\TEMP:D026A5A4 deleted successfully.
ADS C:\ProgramData\TEMP:1B389835 deleted successfully.
ADS C:\ProgramData\TEMP:3E200C29 deleted successfully.
ADS C:\ProgramData\TEMP:02CC0035 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]


For the rest I'll just have to wait to get home
 
Another thing: when I started the laptot, eset smart returned a message that sounds like this:

Name: C:\Qoobox\Quarantine\CWindows\assembly\GAC_64\Desktop.ini.vir
Threat: Win64/Sirefef.AD trojan
Action: impossible to clean
User: NT AUTHORITY\LOCAL SERVICE


But this was before the OTL log that I sent just now.
 
I might be able to to this from work :)

This is the log from security check:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 26
Out of date Java installed!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Log for Farbar Service Scanner:

Farbar Service Scanner Version: 19-06-2012 01
Ran by Ioana (administrator) on 21-06-2012 at 11:12:28
Running from "C:\Users\Ioana\Downloads"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-14 02:25] - [2009-07-14 04:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll
[2009-07-14 02:21] - [2009-07-14 04:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll
[2009-07-14 03:09] - [2009-07-14 04:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 02:36] - [2009-07-14 04:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 03:36] - [2009-07-14 04:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
yep, just as I thought, I can't do the online scanner cause it doesn't download the files it needs.
 
hello again, I ran the f-secure online scanner and this is the report:

[FONT=verdana][FONT=Arial]Scanning Report[/FONT][/FONT]

[FONT=verdana][FONT=Arial]Friday, June 22, 2012 00:55:44 - 01:03:12[/FONT][/FONT]

[FONT=verdana]Computer name: IOANA-PC
Scanning type: Quick scan
Target: System
[/FONT]
[FONT=verdana][/FONT]
[FONT=verdana][FONT=Arial]12 malware found[/FONT][/FONT]

[FONT=verdana]TrackingCookie.Questionmarket[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Adinterax[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.2o7[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Advertising[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Atdmt[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]Trojan.Generic.7511814[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Doubleclick[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Adbrite[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Webtrends[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Statcounter[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Atwola[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]TrackingCookie.Yieldmanager[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana][/FONT]
[FONT=verdana][FONT=Arial]Statistics[/FONT][/FONT]

[FONT=verdana]Scanned:[/FONT]
  • Files: 6330
  • System: 6330
  • Not scanned: 0
[FONT=verdana]Actions:[/FONT]
  • Disinfected: 12
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
[FONT=verdana][/FONT]
[FONT=verdana][FONT=Arial]Options[/FONT][/FONT]

[FONT=verdana]Scanning engines:[/FONT]
 
when I started the laptot, eset smart returned a message that sounds like this
That file is already in Combofix quarantine folder so there is nothing to worry about. You can either allow Eset ot fix it or it'll be removed when we uninstall Combofix.

===============================================

Now I can see some issues with Windows Update and Action Center so we'll have to attempt to fix it.

Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check

Capture3.gif




Once that is done then go to step 3 and allow it to run SFC

Capture.gif



On the the Start Repairs tab. Click the Advanced Mode and click Start

Capture1.gif



Please ensure that items seen in the image below are ticked as well as the Repair MSI (Windows Installer) & Set Windows Services to Default Setup.

Click on box next to the Restart System when Finished. Then click on Start

internetrepairtweakingtool.jpg


Then post new FSS log.
 
First of all, let me thank you for your interest in my laptop's well being:D
An second I have a problem with the windows repair. when I get to Start Repairs mine looks like this:problem.png

I've tried 2 times, made all the steps and still this. maybe I can find the variant you're using by browsing some torrents...don't know what to say
 
The Info on the right is not the same with what you showed me "set windows service to default startup"

Untitled.png
 
Back